Re: Security question: sqlplus and the ps cmd on Unix

In article <3ld2nr$iok_at_clarknet.clark.net>, nardone_at_clark.net (Joe Nardone) says:
>
>Eli Haber (haber_at_panix.com) wrote:
>: I am having a security problem with Oracle and Unix.
 

>: The problem is this: If you use the Unix ps command to
>: see what processes are running and you use the -f option,
>: you can see the entire command line entered by another
>: user, thus enabling you to see their password.
 

>: Is there any way around this?
>
>Yes- don't type your password on the command line.
>
>This is not a security problem, this is carelessness on the
>part of your users.
>
>SOme other possibilities on getting around this (with varying levels of
>security)-
>1. use OPS$ accounts. THen they can log in to Oracle using
> sqlplus /
>
>2. tell them to create a shell script with the right permissions
> (700) that contains
> sqlplus user/password
>
>Joe

  These are good suggestions. We use OPS$ here. Another way would be to throw a ps script earlier in the user's path, limiting access to the real one. Of course, that is assuming users need access to the OS. On our UNIX box, users are thrown immediately into the application and escorted out as well.

                                        Brian

--
Brian Graham                    .
Programmer / DBA        ._______|_______. Tel: 613-560-5470
Public Service Alliance       \(*)/       Fax: 613-563-3492
of Canada                     o/ \o       Email: grahamb_at_psac.com